Date: Wed, 30 Aug 1995 10:39:12 -0700 (MST) From: Terry Lambert <terry@Artisoft.com> To: kuku@gilberto.physik.rwth-aachen.de Cc: freebsd-hackers@freefall.FreeBSD.org Subject: Re: *READ THIS* snapshot fixes security hole *READ THIS* (fwd) Message-ID: <199508301739.KAA18719@phaeton.artisoft.com> In-Reply-To: <199508301035.MAA16690@gilberto.physik.rwth-aachen.de> from "Christoph Kukulies" at Aug 30, 95 12:35:55 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > Here are the files in /bin and /sbin which call syslog() > > > > BIN > > ./date/date.c > > > > SBIN > > ./shutdown/shutdown.c > > ./savecore/savecore.c > > ./routed/tables.c > > ./routed/startup.c > > ./routed/main.c > > ./routed/input.c > > ./reboot/reboot.c > > ./nfsiod/nfsiod.c > > ./nfsd/nfsd.c > > ./newfs/newfs.c > > ./mountd/mountd.c > > ./init/init.c > > ./dmesg/dmesg.c > > ./mount_portal/pt_file.c > > ./mount_portal/mount_portal.c > > ./mount_portal/activate.c > > ./mount_portal/conf.c > > ./mount_portal/pt_exec.c > > ./mount_portal/pt_tcp.c > > ./mount_nfs/mount_nfs.c This is silly (and the list is incomplete -- you see the CERT advisory target program listed there at all? 8-)). The only "danger" from the syslog() is when it's used to log user input and that userinput consists of a clever stack hack to make the program blow. Unless it's a daemon or an SUID/SGID program, there is *no* hole. Programs run by inetd count as "SUID". Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199508301739.KAA18719>